Microsoft's next-generation security initiative, dubbed "Securing The Perimeter," includes a major update of the Windows Server Software Update Service (SUS) during the first half of 2004 and partnerships with firewall vendors to deflect future attacks, the company's software management chief said.

In a wide-ranging interview with CRN this week, Bob Muglia, senior vice president of Microsoft's Enterprise Management Division, said the company is taking significant steps beyond patch management to better secure the Windows infrastructure.

"Securing Windows is our top priority right now," said Muglia, who hit the road this week to discuss security issues and to detail the 22 October launch of Systems Management Server 2003. "Securing the perimeter is how you put in place countermeasures beyond patch management. While we continue to make the operating system more secure at its core and issue patches, it's not the only thing we're focusing on."

The management chief said Microsoft recently ordered OEMs to start turning on the Windows Internet Connection Firewall (ICF) by default on all Windows XP-based PCs. "That's going to happen very quickly," he said. "We told OEMs to do that right after Blaster [the virus that hit this summer]. Those that had ICF turned on didn't get Blaster."

And while Muglia declined to go into specifics about the perimeter plan, he said a common infrastructure for patch management is needed. The major upgrade of SUS will help administrators automate the deployment of security fixes and patches in a more transparent fashion to Windows 2000/2003 servers and desktop PCs running Windows 2000 Professional or Windows XP Professional.